def segmentName(self, idx):
"""Return the name of the wanted segment.
Args:
idx (int): segment index (in the range [0, numSegments() - 1])
Return Value:
string name of the given segment
"""
return sark.Segment(index=idx).name
def segmentFunctions(self, idx):
"""Return a collection / generator of addresses (ea) of the functions in the given segment.
Args:
idx (int): segment index (in the range [0, numSegments() - 1])
Return Value:
collection of function addresses
"""
return map(lambda x: x.ea, sark.Segment(index=idx).functions)
import sark
import idaapi
import idautils
# anim = sark.structure.get_struct('BalokImage')
anim = sark.structure.get_struct('AnimationFrame')
end_of_frame = sark.structure.get_struct("EndOfAnimFrame")
play_sound = sark.structure.get_struct("PartialFuncPlaySound")
func_with_count = sark.structure.get_struct("PartialFuncWithCount")
partial_func_param1 = sark.structure.get_struct("PartialFuncParam1Func")
set_image_width = sark.structure.get_struct("PartialFuncSetImageWidth")
dataseg = sark.Segment(name='dataseg').ea
# anim_offset = idaapi.get_word(sark.Line(ea=dataseg + idautils.cpu.di + 2).ea)
current_position = sark.Line().ea
# current_byte = idaapi.get_byte(current_position)
done = False
print("running")
while not done:
current_byte = idaapi.get_byte(current_position)
if current_byte == 0xff:
print("applying EndOfAnimFrame")
idaapi.doStruct(current_position, 2, end_of_frame)
next_byte = idaapi.get_byte(current_position + 1)
if next_byte == 0xff:
done = True
current_position += 2
elif current_byte < 0x80:
# print(current_byte)
print("applying AnimationFrame")
import sark
import idautils
import idaapi
import csv
dataseg = sark.Segment(name="dataseg")
with open('c:/Users/Joe/applied_structs.csv', 'r') as csvfile:
for row in csv.reader(csvfile):
struct_id = idaapi.get_struc_id(row[1])
size = idaapi.get_struc_size(struct_id)
idaapi.doStruct(int(row[0]) + dataseg.ea, size, struct_id)
import sark
import idautils
import idaapi
import csv
with open('c:/Users/Joe/test.csv', 'r') as csvfile:
reader = csv.reader(csvfile)
segment = sark.Segment()
for row in reader:
try:
print row
new_seg_addr = int(row[1]) + segment.ea
func = sark.Function.create(ea=new_seg_addr)
except sark.exceptions.SarkFunctionExists:
func = sark.Function(ea=new_seg_addr)
func.name = row[0]
import sark
import idaapi
import idautils
anim = sark.structure.get_struct('AnimationFrame')
while idaapi.is_debugger_on():
dataseg = sark.Segment(name='dataseg').ea
anim_offset = idaapi.get_word(sark.Line(ea=dataseg + idautils.cpu.di + 2).ea)
anim_addr = dataseg + anim_offset
idaapi.doStruct(anim_addr, 6, anim)
idaapi.jumpto(sark.Segment(name='dataseg').ea + anim_offset)
idaapi.continue_process()
idaapi.wait_for_next_event(2, 10000)
def get_segment_names(name):
seg = sark.Segment(name=name)
for ea, name in idautils.Names():
if seg.startEA <= ea < seg.endEA:
yield ea, name
def get_segment_names(self, name):
rval = sark.Segment(name=name)
for ea, name in idautils.Names():
if rval.startEA <= ea < rval.endEA:
yield ea, name
"""
IDAPython get argument function.
@hikai
"""
import sark
extern = list(sark.Segment(name="extern").functions)
system = filter(lambda x: x.name == 'system', extern)[0]
xrefs = filter(lambda x: x.iscode == 1, system.xrefs_to)
func_xrefs = []
for xref in xrefs:
func_xrefs.append(sark.Function(xref.frm).startEA)
func_xrefs = set(func_xrefs)
for xref in func_xrefs:
func = sark.Function(xref)
lines = map(lambda x: x.disasm, func.lines)
for index, line in enumerate(lines):
if "jalr" in line and "websGetVar" in line:
for i in range(index, 0, -1):
if "$a1" in lines[i]:
print(func, lines[i])
break
import sark
import idautils
def in_segment(address, segment):
return address >= segment.startEA and address <= segment.endEA
codeseg = sark.Segment(name='seg004')
names = [i for i in idautils.Names() if in_segment(i[0], codeseg)]
names = [(i[0] - codeseg.startEA, i[1]) for i in names]
with open('c:/Users/Joe/dataseg.csv', 'w') as csvfile:
writer = csv.writer(csvfile)
writer.writerows(names)
